Penetration testing tutorial for service providers

A penetration test involves probing a computer system or network to identify and exploit vulnerabilities. It allows you to provide customers with a complete picture of their security posture by which you can measure the health of the network at future intervals. This series of tips by SearchSecurityChannel expert Russell Dean Vines explores the penetration testing process in detail. If you have questions about the process, submit them to Russell via our Ask the Expert feature.

TIP #1 ----------------------------------------------------------------------------------------------

An introduction to penetration testing and its legal implications for VARs and consultants
Learn the importance of conducting a penetration test and how to sell such a service to your clients. Also, learn how to protect yourself and your client from legal risks.

TIP #2 ----------------------------------------------------------------------------------------------

Reconnaissance: Footprinting, scanning and enumerating
The three pre-test phases of penetration testing – reconnaissance – help to create a complete picture of your client's security posture. Learn how to conduct footprinting, scanning and enumerating.

TIP #3 ----------------------------------------------------------------------------------------------

Ethical hacking tools and techniques
Penetration testers should use the same tools a malicious intruder would use to hack a network. Learn how to use information gathering, port scanning, vulnerability scanning and password cracking tools.

TIP #4 ----------------------------------------------------------------------------------------------

Big bad bugs
You may uncover a variety of vulnerabilities when conducting a penetration test of your client's network, but a few are more common than others. Learn how to identify Trojan horses, buffer overflows, SQL injection and cross-site scripting vulnerabilities.

TIP #5 ----------------------------------------------------------------------------------------------

Securing wireless access points
A thorough penetration test of today's networks should include wireless. Learn how to pen test and secure wireless LANs.

TIP #6 ----------------------------------------------------------------------------------------------

Social engineering, IDS and honey pots
There are three more tools hackers can use to learn about networks. Learn how to use social engineering, an intrusion detection system and honey pots as part of a penetration test.

 

About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.

This was first published in August 2007